tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

cross-origin-create-worklet-failure-missing-access-control-allow-credentials.tentative.https.sub.html (2497B)

      1 <!doctype html>
      2 <script src="/resources/testharness.js"></script>
      3 <script src="/resources/testharnessreport.js"></script>
      4 <script src="/common/utils.js"></script>
      5 <script src="/shared-storage/resources/util.js"></script>
      6 <script src="/fenced-frame/resources/utils.js"></script>
      7 
      8 <body>
      9 <script>
     10 'use strict';
     11 
     12 const crossOrigin = 'https://{{domains[www]}}:{{ports[https][0]}}';
     13 
     14 promise_test(async t => {
     15  const ancestor_key = token();
     16  const helper_url = crossOrigin +
     17                     `/shared-storage/resources/credentials-test-helper.py` +
     18                     `?access_control_allow_origin_header=${window.origin}` +
     19                     `&token=${ancestor_key}`;
     20 
     21  return promise_rejects_dom(t, "OperationError",
     22    sharedStorage.createWorklet(
     23      helper_url + `&action=store-cookie`,
     24      { credentials: "include" }));
     25 }, 'createWorklet() with cross-origin module script, credentials ' +
     26   '"include", default data origin (context origin), and without the ' +
     27   'Access-Control-Allow-Credentials response header');
     28 
     29 promise_test(async t => {
     30  const ancestor_key = token();
     31  const helper_url = crossOrigin +
     32                     `/shared-storage/resources/credentials-test-helper.py` +
     33                     `?access_control_allow_origin_header=${window.origin}` +
     34                     `&token=${ancestor_key}`;
     35 
     36  return promise_rejects_dom(t, "OperationError",
     37    sharedStorage.createWorklet(
     38      helper_url + `&action=store-cookie`,
     39      { credentials: "include", dataOrigin: "context-origin" }));
     40 }, 'createWorklet() with cross-origin module script, credentials ' +
     41   '"include", "context-origin" as dataOrigin, and without the ' +
     42   'Access-Control-Allow-Credentials response header');
     43 
     44 promise_test(async t => {
     45  const ancestor_key = token();
     46  const helper_url = crossOrigin +
     47                     `/shared-storage/resources/credentials-test-helper.py` +
     48                     `?access_control_allow_origin_header=${window.origin}` +
     49                     `&shared_storage_cross_origin_worklet_allowed_header=?1` +
     50                     `&token=${ancestor_key}`;
     51 
     52  return promise_rejects_dom(t, "OperationError",
     53    sharedStorage.createWorklet(
     54      helper_url + `&action=store-cookie`,
     55      { credentials: "include", dataOrigin: "script-origin" }));
     56 }, 'createWorklet() with cross-origin module script, credentials ' +
     57   '"include", "script-origin" as dataOrigin, and without the ' +
     58   'Access-Control-Allow-Credentials response header');
     59 
     60 </script>
     61 </body>